×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

101 comments

Index/Evidence (5, Insightful)

Anonymous Coward | about 2 years ago | (#39887623)

Is it indexical? Yes. Is it evidential? No.

Translation: unreliable.

Re:Index/Evidence (4, Interesting)

leuk_he (194174) | about 2 years ago | (#39887829)

If it is unique enough to identify (not verify ) you, then it could be used to proove user XXX did the fraudulant things on PC Y, instead of the logged on user YYY.

Re:Index/Evidence (4, Insightful)

Hillgiant (916436) | about 2 years ago | (#39889155)

Pro tip:
Before you do something illegal on your computer, switch to your non-dominant hand to maintain deniability.

Re:Index/Evidence (1)

bacon.frankfurter (2584789) | about 2 years ago | (#39890373)

I, for one, will be scripting all my mouse movements with bezier curves developed remotely on another machine, and transmitted via an interactive remote desktop connection.

Re:Index/Evidence (1)

Anonymous Coward | about 2 years ago | (#39892419)

So if I collect enough data on your mouse movements, I can write a program that moves the mouse in order to prove you used my machine?

Re:Index/Evidence (0)

Anonymous Coward | about 2 years ago | (#39901693)

Just calling yourself "user XXX" is enough to get you in trouble in some parts of the world via NSA auto scans . - never mind which hand you use to hold your "mouse".

Re:Index/Evidence (0)

Anonymous Coward | about 2 years ago | (#39888291)

VERY unreliable. So unreliable as to be meaningless in many situations.

Re:Index/Evidence (2)

HetMes (1074585) | about 2 years ago | (#39888347)

Translation: you're not getting the point. Lots of false negatives and false positives is still a lot better than random guessing. Also, this is just the beginning.

Re:Index/Evidence (3, Insightful)

JasterBobaMereel (1102861) | about 2 years ago | (#39888643)

Lots of false positives and negatives make the system constantly alerting and having to be manually checked .... i.e. annoying and people get used to just accepting that it is always warning ...

A system that is constantly flagging alerts is next to useless ...it is only marginally better then alerting all the time ....

Re:Index/Evidence (2)

Thugthrasher (935401) | about 2 years ago | (#39889123)

Until, of course, the system gets better and has less false negatives and false positives. And integrates with other systems, as another level of check.

Just because this iteration of it isn't that useful does NOT mean it's a bad idea that will never be useful. Technology is often incremental, and while the beginning steps are unreliable, they are still very important ones.

Re:Index/Evidence (0)

Anonymous Coward | about 2 years ago | (#39891201)

If the system gets better and has less false negatives and false positives. And integrates with other systems, as another level of check.

Fixed that for you.

The problem is that there no proof that the premise that mouse movements are sufficient to identify a user, is actually true. If it's not than this technology is fundamentally flawed.

Re:Index/Evidence (1)

BradleyUffner (103496) | about 2 years ago | (#39891451)

If the system gets better and has less false negatives and false positives. And integrates with other systems, as another level of check.

Fixed that for you.

The problem is that there no proof that the premise that mouse movements are sufficient to identify a user, is actually true. If it's not than this technology is fundamentally flawed.

And perhaps this technology can be used to either prove or disprove that.

Re:Index/Evidence (2)

Lexx Greatrex (1160847) | about 2 years ago | (#39890365)

Translation: you're not getting the point. Lots of false negatives and false positives is still a lot better than random guessing. Also, this is just the beginning.

On the contrary: Equally large amounts of false negatives and false positives is exactly the same as random guessing. [Shannon, 1948]

Re:Index/Evidence (1)

StrongAxe (713301) | about 2 years ago | (#39895363)

On the contrary: Equally large amounts of false negatives and false positives is exactly the same as random guessing. [Shannon, 1948]

Not true in general. For example, a system that yields 1% false negatives and 1% false positives is still 98% reliable, and much better than random guessing.

Re:Index/Evidence (1)

Lexx Greatrex (1160847) | about 2 years ago | (#39898723)

Not true in general. For example, a system that yields 1% false negatives and 1% false positives is still 98% reliable, and much better than random guessing.

Granted, but we are talking about this specific article and not "in general". Since mouse movements are sometimes used as an entropy source for RNG seed material (http://www.freepatentsonline.com/5799088.html, for example) indicates that the uncertainty could be closer to random chance. Ie <<2-sigma

Trackball (4, Interesting)

thed8 (1739450) | about 2 years ago | (#39887629)

i use a trackball and because of carpall tunnel switch hands often. i guess they could ID me from that alone. but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.

Re:Trackball (4, Insightful)

Chrisq (894406) | about 2 years ago | (#39887895)

but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.

Remember this for when someone starts trolling a patent

Re:Trackball (5, Interesting)

PopeRatzo (965947) | about 2 years ago | (#39888857)

i use a trackball and because of carpall tunnel switch hands often. i guess they could ID me from that alone. but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.

I don't think they're trying to use this like fingerprints or retina. I gather (from not reading the article) that they just want to know if the person who usually uses this computer is the guy who is now using this computer. And I'm guessing that all the little ticks and taps that go on when you're reading something and just have your hand (left or right) resting on your ball (left or right) is pretty distinctive.

It made me notice just now that I do a little rhythmic dance with my pointer while I'm reading. Like a nervous tic. I never realized that until just now.

Re:Trackball (1)

The Wild Norseman (1404891) | about 2 years ago | (#39892895)

It made me notice just now that I do a little rhythmic dance with my pointer while I'm reading. Like a nervous tic. I never realized that until just now.

Oh, that must be you just making the sign of the cross over each of us slashdot sinners.

By the way, whenever I see your 'nym "PopeRatzo" I always picture in my head SNL's Father Guido Sarducci reading your posts out loud, complete with hat and cigarette waved around for emphasis.

Makes my day a little brighter.

Re:Trackball (1)

PopeRatzo (965947) | about 2 years ago | (#39895573)

By the way, whenever I see your 'nym "PopeRatzo" I always picture in my head SNL's Father Guido Sarducci reading your posts out loud, complete with hat and cigarette waved around for emphasis.

You have no idea how close that is to the truth.

Re:Trackball (1)

Lucractius (649116) | about 2 years ago | (#39924121)

I use a pretty odd arrangement at work & it makes my work 'mouse behavior' very different. I use a trackball i bought myself at work and I've always been aware that having to move my arm less to use it seems to have increased the 'nervous tic' like mousing behaviors.

Best example of which is that if I'm working my way through a page of boring documentation, its quite likely (>25% probability) that I will be highlighting & un-highlighting bits of the paragraph as I read it for no reason at all. This behavior is completely context dependent. I only seem to start doing it when reading long sections of text, and not when for instance I'm reading a long section of text/code in my editor.

Your comments about noticing the tic has made me realize that i have several very distinct different patterns depending on what is going on. I wonder if this would throw off their algorithm due to passing a difference threshold that they cannot correlate against, such as the type of text I'm reading.

for now.. (1)

Anonymous Coward | about 2 years ago | (#39887649)

But just like everything else, they'll come up with some sort of automation that replicates the some-what erratic mouse gestures a human does to get around this "security".

Re:for now.. (1)

Robadob (1800074) | about 2 years ago | (#39887671)

Or just a touch screen effect where the mouse instantly moves to the target rather than travelling between.

Re:for now.. (3, Interesting)

jones_supa (887896) | about 2 years ago | (#39887827)

If you sneak into someone's office, how are you going to start such automation that replicates the behavior of the owner of the machine?

Re:for now.. (1)

SuricouRaven (1897204) | about 2 years ago | (#39888045)

USB not-a-mouse-but-looks-like-one-to-software? Or a tablet/laptop with an app that draws a moving image on the screen to fool optical mouse tracking?

Re:for now.. (1)

jones_supa (887896) | about 2 years ago | (#39888189)

If I understood the article correctly, you would need to generate mouse input that resembles the patterns of the real user, to keep the machine usable.

Re:for now.. (4, Insightful)

JasterBobaMereel (1102861) | about 2 years ago | (#39888653)

If you can sneak into someone's office and use their computer at all, then detecting people by mouse movements is the least of your worries

Your staff leaving their computer unlocked, their door unlocked, and their office unattended, and no-one noticing are much worse security issues ...

Re:for now.. (1)

cerberusss (660701) | about 2 years ago | (#39889633)

Your staff leaving their computer unlocked, their door unlocked, and their office unattended, and no-one noticing are much worse security issues ...

Yeah, the secretary might have her handbag in the office, in which case you could find cool stuff like used handkerchiefs or even a spare panty or somesuch!

*pauses* *coughs* I'm merely pointing this out as a purely hypothetical case, of course. I don't condone, nor have ever engaged in any such activities. *looks down* *hurries away*

Re:for now.. (0)

Anonymous Coward | about 2 years ago | (#39890789)

Many women carry around small vibrators the size of lipstick in their purse. They use these throughout the day. Yes, I've caught women masturbating at the office frequently. Don't make them feel embarrassed, and you'll probably get lucky. I have.

Re:for now.. (0)

Anonymous Coward | about 2 years ago | (#39891921)

My mom carries around small vibrators the size of lipstick in her purse. She uses these throughout the day. Yes, I've caught her masturbating at home frequently. Don't make her feel embarrassed, and you'll probably get lucky. I have.

FTFY

Re:for now.. (1)

jones_supa (887896) | about 2 years ago | (#39890145)

If you can sneak into someone's office and use their computer at all, then detecting people by mouse movements is the least of your worries

Your staff leaving their computer unlocked, their door unlocked, and their office unattended, and no-one noticing are much worse security issues ...

Sure, but this mouse thingy might still be an useful extra security feature after those basic things are taken care of.

And then get locked out... (5, Insightful)

Lord Lode (1290856) | about 2 years ago | (#39887673)

And then get locked out if you come from cold weather outside and cold hands somehow make you move differently...

Re:And then get locked out... (0)

Anonymous Coward | about 2 years ago | (#39887803)

Or if you buy a new mouse, or use the trackball in your keyboard, or pick up a tablet/stylus, or pick up your mouse with your left hand instead of the right, or change your mouse surface, or change your cursor speed.....

Yeah, I'm sure they found a way to account for all that.

Re:And then get locked out... (5, Insightful)

jones_supa (887896) | about 2 years ago | (#39887835)

Then you would get a screen which requires some additional authentication to solve the situation, and after that disable the mouse protection for a while (so that your hands can warm up).

Re:And then get locked out... (4, Interesting)

Hentes (2461350) | about 2 years ago | (#39888263)

True, while this system is too unreliable to work on it's own, I can imagine a hybrid solution where it pops up a traditional password authentication if you move your mouse differently than usual. It could be of some use in high-security places in case an employee leaves the machine on and forgots to log out, but then if you have enemies gaining physical access to your security-sensitive stuff you have already failed.

Re:And then get locked out... (2)

CastrTroy (595695) | about 2 years ago | (#39888845)

The problem with this is that people will forget the password, or it will be really weak so they dont't have trouble remembering it the 3 times a year they need it. I've noticed this a lot where I work. If you don't use a password at least every week, then it's often forgotten, especially when one is in a rush, and needs to log into a system straight away.This is also a problem with passwords that change too often. if you have to change your password every 30 days, then users will often change their password, and then forget it by the next time they have to type it in. I like how windows warns me up to 2 weeks in advance that My password requires changing. When I see this, I start thinking about what my next password will be, and I always change it on a Monday. Much less chance of forgetting it over night than over a weekend.

Re:And then get locked out... (1)

Wattos (2268108) | about 2 years ago | (#39890437)

if you have to change your password every 30 days, then users will often change their password, and then forget it by the next time they have to type it in. I like how windows warns me up to 2 weeks in advance that My password requires changing. When I see this, I start thinking about what my next password will be, and I always change it on a Monday. Much less chance of forgetting it over night than over a weekend.

Are you saying that your password is actually not ?
These "change your password every X" system are extremely stupid and create password which are weaker than the original password (e.g. append a 1 every time). So in my example, I always change the password every month, and append the current month + year my base password. This fools the security check but does not introduce any additional security. E.g.

base pass= abcd
Pass in January 2012: abcd012012
Pass in February 2012: abcd022012 ...

Re:And then get locked out... (1)

jones_supa (887896) | about 2 years ago | (#39893125)

The problem with this is that people will forget the password, or it will be really weak so they dont't have trouble remembering it the 3 times a year they need it.

They can use their normal account password to get back. The mouse-movement-thing is just something extra that stops the action if someone else starts screwing with an unlocked, logged-in workstation.

Re:And then get locked out... (1)

CastrTroy (595695) | about 2 years ago | (#39894897)

A skilled user could do anything they needed to do without even touching the mouse. If the person leaves their computer unlocked, and the attacker starts using the keyboard to do all the commands, then there'd be no way for the system to lock them out. You could lock out people who don't use the mouse often enough, but that is problematic as well.

...until regular business hours (1)

tepples (727027) | about 2 years ago | (#39888925)

Then you would get a screen which requires some additional authentication to solve the situation

If it were deployed on a site available to the public, the screen would likely say "Please call this telephone number during regular business hours." On a Friday evening before a bank holiday Monday. Or worse yet, "Please visit the nearest branch during regular business hours."

Re:And then get locked out... (1)

michelcolman (1208008) | about 2 years ago | (#39887885)

Or if you had a few drinks, smoked some pot, or are just simply a bit tired or excited or...

Re:And then get locked out... (5, Funny)

Anonymous Coward | about 2 years ago | (#39888165)

If it detects you're excited, it logs you in, but defaults the browser to private mode.

Re:And then get locked out... (1)

lxs (131946) | about 2 years ago | (#39888275)

All good reasons not to be allowed near a machine that has access to email, IM or Facebook. (With Twitter users you can't really tell the difference between drunk and sober anyway.)

Re:And then get locked out... (0)

Anonymous Coward | about 2 years ago | (#39888075)

or if it's that time of the day again when you have to use the left hand...

Re:And then get locked out... (1)

khr (708262) | about 2 years ago | (#39888507)

And then get locked out if you come from cold weather

I believe that would be "frozen out" not "locked out".

Not persistent enough. (5, Insightful)

Xtense (1075847) | about 2 years ago | (#39887675)

I see several potential problems with this kind of identification. One of the biggies is switching hardware and the other - potential hand injuries.

Changing mice is the biggest issue, i think. Every mouse has a different shape and ergonomy, so it is being used differently by the same user, especially during the adjustment period. This also doesn't take into account the potential precision differences of the mouse. Plus, switching to an entirely different control scheme, like a tablet or trackball, screws up any tracking attempts.

The other problem is hand injuries - from a simple finger cut to advanced problems with nerve or bone structure. In addition to slowing down the usage, tracking movement will show an entirely different schemes of usage. This one hits especially close home to me, since having recently developed numbness and coordination problems in my dominant hand due to a relapse of Multiple Sclerosis, i now struggle to use a mouse at all and have almost completely switched to a thumb-operated trackball.

This identification method might be useful in highly integrated/high-security environments, where employees seldom change, or for protecting single-user terminals, but the hand injury problem trumps these uses, too.

Re:Not persistent enough. (4, Insightful)

tinkerton (199273) | about 2 years ago | (#39887689)

"potential problems" can mean different things. Who needs permanent identity verification? This could be a niche product, so scenarios where you get locked out each time you start gaming could be irrelevant. In that case dramatic mouse changes requiring retraining wouldn't happen frequently either.

Re:Not persistent enough. (4, Informative)

Xtense (1075847) | about 2 years ago | (#39887709)

The article specifically mentions "continuous verification", implying a workplace/business environment, where motions of the pointer are probably repetitive enough for the software to pick up on. This, of course, also implies not having to switch mouses every so often, but every time there IS a global company-wide switch of hardware, the ID software will go completely bananas, locking out every worker there. Without a method of purging already generated schemes for every user, this is just begging for a catastrophical company lockdown.

Re:Not persistent enough. (1)

stephanruby (542433) | about 2 years ago | (#39888149)

The article specifically mentions "continuous verification", implying a workplace/business environment, where motions of the pointer are probably repetitive enough for the software to pick up on.

The article also implies a country where the workers can't sue their employers for giving them the carpal tunnel syndrome.

After all if Pavlov were alive today, he'd argue that the seemingly insignificant penalty of getting a login screen requiring a password every time a small variation in behavior occurred would eventually condition the behavior of the computer operator and perhaps would probably cause even more employees than usual that get repetitive strain injuries as a result of their work.

Re:Not persistent enough. (0)

Anonymous Coward | about 2 years ago | (#39893047)

Does it take into account cases where a user lets someone else use their computer for some reason, the user could be supervising what is going on on their account, but because the software recognises they aren't using it it locks the account. Wouldn't a better solution be some sort of wireless proximity detector, like an extension of those programs that lock/unlock your computer based on the proximity of a bluetooth device but made secure (if a regular bluetooth pairing isn't secure enough, perhaps an extra cryptographic handshake).

Re:Not persistent enough. (0)

Anonymous Coward | about 2 years ago | (#39887699)

Most people don't change mice on a regular basis, and hand injuries are relatively uncommon. Switching to a tablet or trackball isn't an issue, because the point of this is authentication not tracking: you want the system to detect you correctly.

All you need is the standard fallback of going to IT and having them reset your data, and your problems vanish. In a personal setting, the fallback would be a password instead, which is no longer needed for every login.

Re:Not persistent enough. (1)

Canazza (1428553) | about 2 years ago | (#39887703)

Basically, when someone plugs a new mouse in, it'll have to reset itself, which completely negates the security of the technique anyway. If you're using the computer you've likely got hardware access to atleast plug in a new mouse.
In a high security area there are much better ways of tracking who's using what, and this just seems like it'll be too easy to a) fake and b) work around and c) gain false negatives

Re:Not persistent enough. (2)

michelcolman (1208008) | about 2 years ago | (#39887907)

Yes, most people working in an office use at least four or five different mice and switch between them several times a day. Therefore, the system is totally useless. It could only possibly work for the kind of people who barely even know where to plug in a mouse, which is... oh, wait.

I used four mice. Squeak. (1)

tepples (727027) | about 2 years ago | (#39888989)

When I worked in a warehouse, I would ordinarily use the mouse attached to the Windows workstation at the desk in my office and the mouse attached to the Linux development workstation during the day. When developing fixes or new features for the warehouse automation software, I would also use the mouse attached to the computer at which orders were packed and the mouse attached to the computer at which packages were weighed and postage labels were printed.

Re:I used four mice. Squeak. (1)

michelcolman (1208008) | about 2 years ago | (#39890345)

Yes, but they're all attached to different devices, so that would not matter in this case as each device would create its own profile of your mouse usage on that device.

Re:Not persistent enough. (1)

solarissmoke (2470320) | about 2 years ago | (#39887715)

I don't think they are suggesting that this would be a security/verification system in and of itself, just part of one. So for example if mouse movements appeared different (say due to new hardware) then it would prompt for a password or key, but otherwise it would verify them. No different really to if a user forgets a password and is required to do some extra things (secret questions, backup email etc) to verify their identity.

Re:Not persistent enough. (2)

Xtense (1075847) | about 2 years ago | (#39887735)

Yes, in this case the method would work. The only remaining problem to address is whether it is sensitive enough to not give false-positives with random hand-related problems due to, for instance, weather conditions, and how will it impact workflow around a potential office - in a typical setup, even if workers are limited to their own cubicle, they often help each other out by going over to someone else's computer and doing something there. This, of course, depends on company policy, but having the computer continuously lock down on account of someone helping me with something definitely will cost time.

Re:Not persistent enough. (1)

gl4ss (559668) | about 2 years ago | (#39887761)

I'm pretty sure their system works nicely for data input role workers - and not at all for anyone doing anything more complex with variety.

for just about anything else.. the profiling can't be very good. basically they can detect if you change your mouse, screen resolution, if you change where you "rest" your mouse between clicks and such. big deal.

Re:Not persistent enough. (1)

jones_supa (887896) | about 2 years ago | (#39888219)

Changing mice is the biggest issue, i think.

That's far from being the biggest issue. The tough part is tuning the system so that it offers real protection, but at the same time does not get in the way of the authorized user of the computer.

Elsevier... (1)

Anonymous Coward | about 2 years ago | (#39887697)

Seriously? Why does anyone even bother to publish computer science papers there, other than because the work is too poor to be accepted by a good IEEE or ACM conference or journal?

Re:Elsevier... (1)

fedt (1096053) | about 2 years ago | (#39887741)

This is the future!

Bank of America modal dialog: "Your session has been destroyed for security purposes. Either you had two or more drinks, or your session has been hijacked (our IT guys say this happens from not upgrading your browser). Please login again and answer at least 3 security questions."

Eh, it wouldn't be that bad though. It would probably be more like the Wii Motion Plus...wanting to recalibrate every 3 minutes...

Re:Elsevier... (1)

michelcolman (1208008) | about 2 years ago | (#39887925)

Exactly. They pissed off too many serious researchers with all their restrictions and paywalls, are getting boycotted as a result, and now this is the only kind of stuff they can still get their hands on.

Hmmm (1)

blackicye (760472) | about 2 years ago | (#39887757)

This is an interesting direction for collecting metrics, and could obviously be used to evil(tm)

Depending on how they collect the data there are multiple potential sources for data collection.

DPI/Sensitivity of the mouse (which users generally do not change)
Algorithm/mouse smoothing (with enough data resolution can even narrow this down the sensor and processor used or even brand and model of mouse)
speed of click/double click user inputs.
degree and pitch of side to side or top to bottom of screen mouse tracking.
Possibly even imperfections on the mousing surface or table.

Most people tend to use the same mouse for 1 - 5 years, so there is more than sufficient time to build up a usage patterns database, this would be a rather evil way of tracking users if it is eventually refined enough.

This is likely going to be far more useful for tracking and advertising than as a security mechanism.

javascript and anonymity on the web? (0)

Anonymous Coward | about 2 years ago | (#39887813)

If someone writes a javascript library that implements this algorithm, then you can decide if two users are using the same account.

Perhaps you can also use it to uncover bots in simple games in webgames.

Verifying a user by following his dick. (0)

roman_mir (125474) | about 2 years ago | (#39887815)

Just place that right there, into the receptacle, while we are going to show you these images.

There are a few problems with this approach of-course, first of all signing into an ATM somewhere in public will look suspiciously like fucking a box, and secondly this excludes about half of the population from the technique, so I guess it's a bit discriminatory. Of-course they could have special attachments with sensors on them for the other half of the population.

Re:Verifying a user by following his dick. (1)

Magada (741361) | about 2 years ago | (#39887893)

I'm pretty sure that just the overall appearance of said appendage is enough to positively ID someone.

Re:Verifying a user by following his dick. (1)

michelcolman (1208008) | about 2 years ago | (#39887943)

But then how will women get money when they're having their period? Surely their characteristics will change a bit? Not saying it would be impossible, I'd love to see someone implement it, but I'm not sure it would be cost-effective.

Re:Verifying a user by following his dick. (1)

roman_mir (125474) | about 2 years ago | (#39887979)

I guess it's just that time of the month, you just can't operate heavy machinery. Nature, what are you gonna do?

vi code.cpp (2)

martin-boundary (547041) | about 2 years ago | (#39887973)

*tap* *tap* *tap* *tap* *tap*
ZZ
vi more_code.cpp *tap* *tap* *tap* *tap* *tap*
ZZ
vi extra_code.cpp *tap* *tap* *tap* *tap* *tap*
ZZ
firefox http://www.slashdot.org/ [slashdot.org]
INTRUDER ALERT! INTRUDER ALERT! AUTOMATIC LOGOUT AND SHUTDOWN IN PROGRESS!

Re:vi code.cpp (0)

Anonymous Coward | about 2 years ago | (#39888361)

No. more like:

vi code.cpp
Tap tap tap.. ... ...
vi extra.cpp
tap tap tap ... ... ....

emacs code.cpp

Intruder alert!!!!!!!

Not new (0)

Anonymous Coward | about 2 years ago | (#39888615)

F5 [f5.com] has been doing this for some time now.

A part of their Application Firewall will inject a javascript into HTTP requests if it suspects the access pattern is suspicious for any website it is protecting.

This javascript will then check for mouse movements and a few other things.

So... (1)

Nesa2 (1142511) | about 2 years ago | (#39888711)

Depending on my mood, I'm likely to get locked out? God forbid I should start using a new app, that would also lock me out as mouse movement are sure to be different. Maybe I slept bad, and my arm hurts? Maybe it's just stress over review coming up?

Basically if any conditions change in user's personality of physiology, or computer's configuration, or your routine daily tasks security app would be useless.

If it was used as part of hybrid solution its still useless, why just not get timed user prompt in high-security areas to have user enter it every 30 minutes. That is more secure.

If it was used in some medical sense to identify changes in stress or personality,or mental issue outbursts about to occur by logging your mouse movements, then I'd say great!

Re:So... (1)

jones_supa (887896) | about 2 years ago | (#39893713)

Basically if any conditions change in user's personality of physiology, or computer's configuration, or your routine daily tasks security app would be useless.

That does not immediately make the software completely useless. It still works when you are functioning in your mainline. During days which your behavior is deviant enough, you might just disable the feature for a while, or something.

And even if it would still get too much in your way, you could make it so that instead of completely locking the session, it would simply log the spurious events so you could check them if necessary.

Rich Little / Marcel Marceau Trojan discovered (1)

retroworks (652802) | about 2 years ago | (#39889309)

Anonymous just announced they can imitate my mouse movement. Damn that was fast, I don't even have a more current reference for it.

Different pointing devices? (1)

Smigh (1634175) | about 2 years ago | (#39889499)

I use three different types of mice during the day. Different types means different patterns due to the way they're used. Even if I use different mice of the same type, they vary wildly in sensitivity. Plus, if I use a mouse in a different pc, I'm never sited in the same way at the same exact distance (actually, I'm usually standing, leaning over the desk) which means that a different mechanic will be used by my body to get the cursor where I want it to be.

All in all, this is a cool idea but I can't see it have any practical use unless in very specific scenarios for very specific purposes.

Have my doubts on it's effectiveness (1)

Anonymous Coward | about 2 years ago | (#39889585)

A few things make me doubt this.

People whom are familiar with playing games that have a lot of hot keys (like mainstream MMOs), and take the time to look up the hot keys built into their OS tend to use those hot keys because it easier than moving the pointer across the screen to hit a 1 to 3 key combination. Same would likely hold true for modelers, coders, and people whom use Linux often, or any other scenario where learning the hot keys of a program simplifies usage a lot.

Then there are mice like Razer's, with DPI adjustment buttons built onto the mouse device itself. I love my Lachesis for those buttons, on days when my hand motions are particularly good just ramp it up to max DPI and whip through mousing like there's no tomorrow; days where I'm recovering from a full night of coding a lower DPI to compensate for sluggish response.

Memory impairments will be another roadblock. I've seen my mother whom has serious problems with remember things at times moues around a computer almost at random trying to find something she was looking for but not remembering where she put it. Other days she'll navigate menus with the precision of someone that's used the same computer for years on end.

Carpel tunnel and arthritis are another problem. Several people in my family suffer from these two, and I see just how detrimental it is to using a computer mouse everything I watch one of them use a computer. The shaking that comes with those isn't constant and would require a long sample period to identify a pattern if a pattern even exist at all outside of the inaccurate mouse movements.

Then there are programs like ten key. These are programs which allow screen navigation by dividing the screen into a grid, with buttons to press to divide a cell of the grid into a smaller grid, repeating until the desired point is reached on the screen. If it wasn't for the cost of such programs or I had a disability that allowed my medical insurance to cover it, my mouse would just be there for art and gaming (seriously $300 suite of programs just to gain access to the one is stupid).

I have no doubt mouse motion can be used to determine what type of user your dealing with, but it's far from a reliable virtual fingerprint. Even when it comes to identifying the type of user, requires a longer sample period than most websites will be given by a user that isn't satisfying intense curiosity.

Pointer device vs touchpad vs mouse (1)

anjrober (150253) | about 2 years ago | (#39889587)

These types of solutions are problematic.

My mouse use varies quite a bit from my mouse in my office, to my use of the Pointer Device on my ibm laptop to my home laptop with a touchpad. All yield very different mouse actions.

I also don't like these solutions that there are times when you want someone else to access your acct. For example, my brothers bank uses a validation system that measures how you type your password for an additional layer of security. My brother was in a situation where i needed to access his acct. he gave me the username and password but the damn system would not let me in since i type his password at a different cadence/pace/whatever then he does.

these things all suck.

3 profiles for me please (2)

nadamucho (1063238) | about 2 years ago | (#39889609)

I'll need to train 3 modes: 1) Optical/Laser mouse 2) Trackpad for my laptops 3) Optical/Laser mouse when I'm eating Cheetos

Profit! (0)

Anonymous Coward | about 2 years ago | (#39890509)

1. Call friends at ICE and have them seize TPB but continue to operate
2. Install mouse-tracking software, build profile
3. Record clicks on magnetic links and tie to profile
4. Use conventional means to tie logged IP address(es) to profile
5. Use the judicial system to acquire subsciber data for IP address(es)
6. Send out settlement letters, detailing the identification process
7. Profit!

No ??? needed here.

Lockout (0)

Anonymous Coward | about 2 years ago | (#39890631)

Some one was doing this with keyboard bio-metrics. You may wanna take a look at that project.

http://www.reddit.com/r/netsec/comments/o9qzw/browser_securitey_using_keystroke_biometrics/

But sometimes I need to use the other hand! (0)

Anonymous Coward | about 2 years ago | (#39892617)

What about the times when my primary hand is umm, otherwise occupied?

kitten functions (0)

Anonymous Coward | about 2 years ago | (#39895937)

Basically you have a dsp kitten chase the mouse looking for characteristic twitches. I planned to augment user experience with it.

Program compatibility (0)

Anonymous Coward | about 2 years ago | (#39898269)

There was a post about becoming aware of rhythmic mouse movement during reading, as revenge, I will make you aware of your breathing, manual breathing mode entered.
Back on topic: As geeks, we rarely move the mouse, I navigate with the keyboard and play with the mouse while reading (as previously mentioned). BUT: in a program or on a site where I can not use the keyboard to navigate or when playing a video game involving the mouse, my patterns change significantly. This would have to be a fairly smart and likely laggy program to determine the applications/processes running and adapt accordingly, it would also have to be aware of the application selected and the current condition of the application (which webpage, what part of a video game, etc.).
Is it worth it? I think a password is much easier, and locking more important files/data with a secondary password is just as reliable.

what's this mouse thingy ? (0)

Anonymous Coward | about 2 years ago | (#39899439)

how do I install a mouse in a terminal
apt-get install gpm ?
will that work ?

I announce my mouse driver scrambler patent! (0)

Anonymous Coward | about 2 years ago | (#39901947)

I hereby announce and publicly disclose (for new usa patent law premption proof) writing a mouse driver to add a little "shimmy" to all input to prevent user tracking via mouse movements (take that Google - cause we know you are already thinking if mouse tracking can replace google analytics)

similar thing has been already done (0)

Anonymous Coward | about 2 years ago | (#39908787)

IBM has implemented, years ago (circa 2000), a security system which was able to verify the user judging by how he or she was typing. It was succesful to some extent. Sourcecode and papers should be still available on IBM web pages.

passwords (1)

zodwallopp (1243130) | about 2 years ago | (#39914261)

Could be a novel way to create passwords, instead of using alphanumeric 'words' you could have the computer remember mouse gestures. Two circles a triangle and a dong later... logged in.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...